185 matches found

RedhatCVE
added 2026/01/09 12:34 p.m. | 10 views

CVE-2023-45396

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12...

CVSS 6.5 | AI score 6.8 | EPSS 0.00382
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/04 12:0 a.m. | 2 views

PT-2025-49133

R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access...

CVSS 8.7 | AI score 7.4 | EPSS 0.00311
Exploits: 1 | References: 4

RedhatCVE
added 2025/11/27 12:58 a.m. | 14 views

CVE-2025-66259

Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

CVSS 9.8 | AI score 7.4 | EPSS 0.00555
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 12:58 a.m. | 13 views

CVE-2025-66251

Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz...

CVSS 9.1 | AI score 7 | EPSS 0.0041
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 12:58 a.m. | 7 views

CVE-2025-66262

Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive...

CVSS 9.8 | AI score 7.4 | EPSS 0.01199
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 12:58 a.m. | 12 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00158
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 12:58 a.m. | 9 views

CVE-2025-66250

Unauthenticated Arbitrary File Upload statuscontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/statuscontents.php...

CVSS 9.8 | AI score 7.3 | EPSS 0.00376
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/27 12:58 a.m. | 9 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

CVSS 8.9 | AI score 7.6 | EPSS 0.00331
Exploits: 1 | References: 1

EUVD
added 2025/11/26 3:30 a.m. | 4 views

EUVD-2025-199678

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

CVSS 7.8 | AI score 6.7 | EPSS 0.00329
Exploits: 1 | References: 2

EUVD
added 2025/11/26 3:30 a.m. | 4 views

EUVD-2025-199680

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

CVSS 8.4 | AI score 6.4 | EPSS 0.00306
Exploits: 1 | References: 2

NVD
added 2025/11/26 1:16 a.m. | 5 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

CVSS 7.1 | EPSS 0.00158
Exploits: 1 | References: 1

NVD
added 2025/11/26 1:16 a.m. | 8 views

CVE-2025-66263

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

CVSS 8.9 | EPSS 0.00331
Exploits: 1 | References: 1

NVD
added 2025/11/26 1:16 a.m. | 8 views

CVE-2025-66252

Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...

CVSS 8.4 | EPSS 0.00306
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/26 12:52 a.m. | 3 views

CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...

CVSS 8.9 | AI score 7.2 | EPSS 0.00331
Exploits: 1 | References: 1

CVE
added 2025/11/26 12:50 a.m. | 14 views

CVE-2025-66262

CVE-2025-66262 affects DB Electronica Mozart FM Transmitter series (versions 30–7000). The root cause is tar extraction using -C / in restore_mozzi_memories.sh, which writes extracted files to the filesystem root without path validation. When combined with unauthenticated file upload vulnerabilit...

CVSS 9.8 | AI score 7 | EPSS 0.01199
Exploits: 1 | References: 1 | Affected Software: 1

EUVD
added 2025/11/26 12:49 a.m. | 4 views

EUVD-2025-199672

Unauthenticated OS Command Injection restoresettings.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec allows remote code execution. The...

CVSS 9.9 | AI score 8.3 | EPSS 0.02011
Exploits: 1 | References: 2

CVE
added 2025/11/26 12:49 a.m. | 10 views

CVE-2025-66261

CVE-2025-66261 describes an unauthenticated OS command injection in DB Electronica Mozart FM Transmitter devices (models 30–7000) via the /var/tdf/restore_settings.php endpoint. The vulnerability occurs because the user-controlled GET parameter name is URL-decoded and passed directly to exec() wi...

CVSS 9.9 | AI score 8.4 | EPSS 0.02011
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2025/11/26 12:48 a.m. | 10 views

CVE-2025-66260

The CVE-2025-66260 entry concerns the DB Electronica Mozart FM Transmitter product line (versions 30–7000). The root cause is SQL injection in status_sql.php: the endpoint constructs UPDATE statements by directly concatenating user-supplied sw1 and sw2 parameters instead of using parameterized qu...

CVSS 7.2 | AI score 7.9 | EPSS 0.00258
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/11/26 12:46 a.m. | 10 views

CVE-2025-66259 Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters

Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

CVSS 9.3 | EPSS 0.00555
Exploits: 1 | References: 1

Vulnrichment
added 2025/11/26 12:46 a.m. | 4 views

CVE-2025-66259 Authenticated Root Remote Code Execution through improper filtering of HTTP post request parameters

Authenticated Root Remote Code Execution via improper user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in mainok.php user supplied data/hour/time is passed directl...

CVSS 9.3 | AI score 7.1 | EPSS 0.00555
Exploits: 1 | References: 1